Google Chrome 2.0.172.33 has been released to the Stable and Beta channels. This release fixes a critical security issue and two other networking bugs.

CVE-2009-2121: Buffer overflow processing HTTP responses

Google Chrome is vulnerable to a buffer overflow in handling certain responses from HTTP servers. A specially crafted response from a server could crash the browser and possibly allow an attacker to run arbitrary code.

Thanks for your question. Your instinct is correct that the code in question here is outside the sandbox. The bug is in Chrome's browser kernel, which we try to keep small relative to the renderer code (which does run inside the sandbox).

Measures we are taking include a lot of internal code auditing, fuzzing and review. As you can see, we found this issue internally in the Chrome security team. We continue to work to keep the larger, more complex parts of the browser inside the sandbox.

This version of Google Chrome stable version 2.0.172.33 seems to have a major problem regarding to the speed and response of the websites. Sometimes it may hang for a while before access to different websites. When I need to change the websites during the process, this version of Google Chrome does not response to what the actual way that I needed. Besides that, why the Google Chrome always appear a cross and Linktest failed during the execution of Acid3 Test. I really hope that Google Team really put some effort in tweaking the Google Chrome browser to attain the ultimate standards. Another problem is the attacker message always appear without any reasons...Why? Hope Google Team can solve this problem as soon as possible as I very appreciate with the working behind google team. Thanks!